WiFi Hacking Drones

Security experts are continuing to dig the leaked internal emails from the Hacking Team, the most recent revelation is related to the development of an unmanned aerial vehicle with the ability to run cyber attacks on computers and mobile devices through Wi-Fi networks.

Reading the email exchange between hacking team personnel, it is possible to verify that both Boeing and Hacking Team were working to a new model ofdDrone to use as an attack vector. The unmanned aerial vehicle is described as a drone that can run cyber attacks on targets via WiFi, and the vehicle has the ability to inject spyware into target systems in order to spy on victims.

According to the emails, after attending the International Defense Exposition and Conference (IDEX) in Abu Dhabi in February 2015, the company Insitu expressed its interest in the weaponized drones which was able to serve the spyware developed by the Hacking Team, the Remote Control System Galileo, for surveillance purpose.

Insitu already produces the surveillance drones ScanEagle and RQ-21A “Blackjack”, it is likely the company is thinking to develop a new weaponized drone.

One of the mails sent by Giuseppe Venneri, an Insitu employee, to Hacking Team’s key account manager Emad Shehata in April 2015 states:

“We see potential in integrating your Wi-Fi hacking capability into an airborne system [drone] and would be interested in starting a conversation with one of your engineers [Hacking Team staff] to go over, in more depth, the payload capabilities including the detailed size, weight, and power specs of your Galileo System.”

Despite the content of the email, there is no specific information in other emails on the possible customer for the hacking drones.

hacking team and INSITU working on weaponized drone

In one of the leaked emails, the co-founder Marco Valleri provided detailed information ongoing projects including roadmaps for the development activities. Among the projects, there is the “Tactical Network Injector” (TNI), a hardware device designed to inject malware into Wi-Fi networks.

A drone equipped with a Tactical Network Injector could act as a bogus access point used by hackers to launch man-in-the-middle (MITM) attacks or to serve exploits.

The principle is simple,  if the target is using a public Wifi network, the drone forces it connecting to its access point in order to run MITM attacks and inject the malicious code designed by the Hacking Team.

In the following image, I reported an excerpt of the email related to the Tactical Network Injector, the to-do list includes also the name of the resource assigned to the project, the Hacking Team employee Andrea Di Pasquale.

Di Pasquale was in charge for the development of a ruggedized component that must be transportable by a drone (mandatory), and for the creation of a micro Tactical Network Injector usable by an unmanned aerial vehicle.

Hacking Team Weaponized Drone

0The HackerNews speculate about the interest of the US intelligence community  in the development of a hacking drone.

Early in 2014, researchers as Sensepoint Security developed an application called Snoopy running on drones to steal users’ data, the software look for smartphone signal while it is searching for a WI-Fi network. The drone equipped with Snoopy software can trick mobile devices into thinking it’s a trusted access point, then the application can access data from the handset.

According its creators, Snoopy was able to steal a huge quantity of information from victims, including user’s credentials, credit card numbers a location data. Researchers at Sensepoint successfully stolen Amazon, PayPal, and Yahoo credentials from random citizens in the streets of London.

To protect user’s data it is strongly suggested to mobile device owners to turn off any automatic connection process, including WI-Fi network-finding feature.

###

Pierluigi Paganini is Chief Information Security Officer at Bit4Id, firm leader in identity management, member of the ENISA (European Union Agency for Network and Information Security)Treat Landscape Stakeholder Group, he is also a Security Evangelist, Security Analyst and Freelance Writer. Editor-in-Chief at “Cyber Defense Magazine”, Pierluigi is a cyber security expert with over 20 years experience in the field, he is Certified Ethical Hacker at EC Council in London. The passion for writing and a strong belief that security is founded on sharing and awareness led Pierluigi to find the security blog “Security Affairs” recently named a Top National Security Resource for US. Pierluigi is a member of the “The Hacker News” team and he is a writer for some major publications in the field such as Cyber War Zone, ICTTF, Infosec Island, Infosec Institute, The Hacker News Magazine and for many other Security magazines. Author of the Books “The Deep Dark Web” and “Digital Virtual Currency and Bitcoin”.